cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1765
Views
5
Helpful
4
Replies

RV110W - inbound access rules IP filtering doesn't work

peon-worker
Level 1
Level 1

Hi All,

 

I'm trying to use an RV110W with ip filtering on inbound rules. from testing it, i find this doesn't work.

it works if i single port forward, however there is not filtering capability. just forward the port and anyone can access the device. if i use access rules, it will forward the port but IGNORE source IP filtering. i've tried various firmware 1.2.0.9, 1.2.1.4, 1.2.1.7 and all have this problem. for testing purposes, i only forward HTTP. i have nothing in the single port forward.

access rule configuration:

action - always allow

service - HTTP

status - enabled

connection type - inbound Wan- Lan

source IP range - pubic ip range

destintation ip - single private ip

log - always

 

it seems the source ip whether single or range is ignored. i've tried connection type - inbound Wan- DMZ with the same result. i'm using IPv4 for LAN and WAN. Wireless is turned off. Outbound is allowed.

i've factory reset for each firmware image I tried. Has anyone been able to get inbound rules to work properly?

1 Accepted Solution

Accepted Solutions

This is what finally worked for me. 1. setup services with the associated port(s) 2. do NOT use single port forwarding - it ignores IP filtering 3. use range port - this works with IP filtering 4. after setting up service(s) with the appropriate IP filtering, follow them with a DENY of that service(s)

View solution in original post

4 Replies 4

peon-worker
Level 1
Level 1

Never mind ... think i may have solved it. anyone encountering this, make sure you add an explicit deny all rule at the end of access rules. the above access rules tells the router to allow these ips to these ports. unless the packet matches one of the above rules, the deny should stop it.

 

 

 

nope ... sorry this doesn't quite work. a deny access rule will work with single or range of ip addresses, but if you use ANY it stops the rule that had access.  even if the working rule is before the deny ANY rule, it will still stop the working rule. anyone know how you're supposed to block ALL other IP addresses without killing a working rule?

This is what finally worked for me. 1. setup services with the associated port(s) 2. do NOT use single port forwarding - it ignores IP filtering 3. use range port - this works with IP filtering 4. after setting up service(s) with the appropriate IP filtering, follow them with a DENY of that service(s)

Great post, thanks. Confirmed this worked for me with RV110W Wireless-N VPN Firewall and Firmware Version 1.2.2.4.